OpenSSL CVE-2015-3196 Race Condition Vulnerability

Description

Severity: Low

If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure. This can result in a race condition potentially leading to a double free of the identity hint data.

This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0 and has not been previously fixed in an OpenSSL 1.0.0 release.

OpenSSL 1.0.2 users should upgrade to 1.0.2d
OpenSSL 1.0.1 users should upgrade to 1.0.1p
OpenSSL 1.0.0 users should upgrade to 1.0.0t

The fix for this issue can be identified in the OpenSSL git repository by commit ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0).

The fix was developed by Dr. Stephen Henson of the OpenSSL development team.
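
The fixed-version thresholds above can be checked against `openssl version` output across an inventory. The following is an added example, not code from OpenSSL or from this advisory; the function names, status labels and sample banners are assumptions constructed for illustration.

```python
import re

# First fixed release per branch, taken from the advisory text above.
FIXED = {"1.0.2": "d", "1.0.1": "p", "1.0.0": "t"}

# Release token in `openssl version` output, e.g. "1.0.1k", "1.0.2", "1.0.1e-fips".
_VERSION_RE = re.compile(r"\b(\d+\.\d+\.\d+)([a-z]{0,2})\b")


def letter_key(patch):
    """Sort key for 1.0.x patch letters: '' < a..z < za, zb, ..."""
    return (len(patch), patch)


def cve_2015_3196_status(version_text):
    """Classify a version banner (hypothetical helper).

    Returns 'affected', 'fixed', 'not-listed' (branch not named in the
    advisory) or 'unparsed' (no version token found).
    """
    match = _VERSION_RE.search(version_text)
    if not match:
        return "unparsed"
    branch, patch = match.groups()
    if branch not in FIXED:
        return "not-listed"
    if letter_key(patch) >= letter_key(FIXED[branch]):
        return "fixed"
    return "affected"


def audit(banners):
    """Map host -> status for a dict of host -> version banner."""
    return {host: cve_2015_3196_status(text) for host, text in banners.items()}


# Constructed sample inventory (host names and banners are illustrative).
SAMPLE_BANNERS = {
    "web-01": "OpenSSL 1.0.1k 8 Jan 2015",
    "web-02": "OpenSSL 1.0.2d 9 Jul 2015",
    "legacy-01": "OpenSSL 1.0.0s 11 Jun 2015",
    "build-01": "OpenSSL 1.0.2 22 Jan 2015",
    "app-01": "OpenSSL 1.1.0f 25 May 2017",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_BANNERS).items()):
        print(f"{host}: {status}")
```

Distribution packages often backport fixes without changing the upstream version letter, so an "affected" result from a packaged build should be confirmed against the vendor's own advisory for this CVE.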

Affected Applications

OpenSSL

CVE References

CVE-2015-3196